Merge pull request #10177 from julek-wolfssl/add-missing-bwrap

Add bwrap network namespace isolation to scripts with listening ports
This commit is contained in:
David Garske
2026-04-10 14:24:07 -07:00
committed by GitHub
3 changed files with 45 additions and 0 deletions
+15
View File
@@ -2,6 +2,21 @@
#benchmark.test
# if we can, isolate the network namespace to eliminate port collisions.
if [ -n "$NETWORK_UNSHARE_HELPER" ]; then
if [ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]; then
export NETWORK_UNSHARE_HELPER_CALLED=yes
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
fi
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
fi
unset AM_BWRAPPED
fi
[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
&& exit 1
+15
View File
@@ -5,6 +5,21 @@
set -e
# if we can, isolate the network namespace to eliminate port collisions.
if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
export NETWORK_UNSHARE_HELPER_CALLED=yes
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
fi
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
fi
unset AM_BWRAPPED
fi
if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
exit 0
+15
View File
@@ -1,6 +1,21 @@
#!/usr/bin/env bash
#set -x
# if we can, isolate the network namespace to eliminate port collisions.
if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
export NETWORK_UNSHARE_HELPER_CALLED=yes
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
fi
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --cap-add ALL --unshare-net --dev-bind / / "$0" "$@"
fi
unset AM_BWRAPPED
fi
# Run this script from the wolfSSL root
if [ ! -f wolfssl/ssl.h ]; then
echo "Run from the wolfssl root"